From 68299b244372b1668c1708bff15a239649226dee Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Sun, 14 Oct 2018 19:54:48 +0530 Subject: cli: Fix heap-buffer-overflow issue reported by ASAN GF_MALLOC was being used to allocate memory which is not initialized. strcat is used on it which could result in buffer overflow if it contains garbage before '\0'. So changed it to GF_CALLOC. Traceback: ==23427==ERROR: AddressSanitizer: heap-buffer-overflow ... WRITE of size 5 at 0x6080000083fe thread T3 #0 0x7fb60966991c in __interceptor_strcat ... #1 0x48adc0 in config_parse ... #2 0x48cde8 in cli_cmd_gsync_set_parse ... ... Updates: bz#1633930 Change-Id: I3710f011d8139984b1898265d84d150c9bdc962b Signed-off-by: Kotresh HR
---
 cli/src/cli-cmd-parser.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'cli')
diff --git a/cli/src/cli-cmd-parser.c b/cli/src/cli-cmd-parser.c
index 85c7a30c678..fe5a763a19e 100644
--- a/cli/src/cli-cmd-parser.c
+++ b/cli/src/cli-cmd-parser.c
@@ -2746,7 +2746,10 @@ config_parse(const char **words, int wordcount, dict_t *dict, unsigned cmdi,
 /* trailing strcat will add two bytes, make space for that */
 append_len++;
- append_str = GF_MALLOC(append_len, cli_mt_append_str);
+ /* strcat is used on this allocation and hence expected to be
+ * initiatlized to 0. So GF_CALLOC is used.
+ */
+ append_str = GF_CALLOC(1, append_len, cli_mt_append_str);
 if (!append_str) {
 ret = -1;
 goto out;
-- cgit
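Review bot: The context comment above the allocation says the trailing strcat adds two bytes, yet the visible `append_len++` reserves only one, and switching to GF_CALLOC zeroes the buffer without changing its size. The computation of append_len lies outside this hunk, so it is worth confirming that it already counts every separator plus the terminating NUL; the ASAN report of a 5-byte strcat write past the buffer would also be consistent with an undersized allocation, not only with garbage ahead of the first NUL. The new comment has a typo and could state the invariant directly, for example `/* strcat() needs a NUL-terminated destination, so the buffer must start zeroed */`. config_parse begins and ends outside the hunk, so the strcat calls themselves are not visible here.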